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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 
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- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )S Responsive to communication(s) filed on 29 September 2000 . 
2a)D This action is FINAL. 2b)K This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-41 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) \3 Claim(s) 1-41 is/are rejected. 

Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) ^ The specification is objected to by the Examiner, 

10)[3 The drawing(s) filed on 29 September 2000 is/are: a)^ accepted or b)0 objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1 .1 21 (d). 
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application from the International Bureau (PCT Rule 17.2(a)). 
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This action is in response to the communication filed on 09/29/2000. 

DETAILED ACTION 

1. Claims 1-41 have been examined. 

Title 

2. The title of the invention is acceptable. 

Priority 

3. No claim for priority has been made for this application. 

4. The effective filing date for the subject matter defined in the pending claims in 
this application is 09/29/2000. 

Information Disclosure Statement 

5. The information disclosure statement (IDS) submitted on 01/12/2001 is in 
compliance with the provisions of 37 CFR 1 .97. Accordingly, the examiner is 
considering the information disclosure statement. 

Drawings 

6. The drawings filed on 09/29/2000 are acceptable for examination proceedings. 

Specification 

7. Applicant is reminded of the proper language and format for an abstract of the 
disclosure. 
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The abstract should be in narrative form and generally limited to a single 
paragraph on a separate sheet within the range of 50 to 150 words. It is important that 
the abstract not exceed 150 words in length since the space provided for the abstract 
on the computer tape used by the printer is limited. The form and legal phraseology 
often used in patent claims, such as "means" and "said, " should be avoided. The 
abstract should describe the disclosure sufficiently to assist readers in deciding whether 
there is a need for consulting the full patent text for details. 

The language should be clear and concise and should not repeat information 
given in the title. It should avoid using phrases which can be implied, such as, "The 
disclosure concerns, " "The disclosure defined by this invention, " "The disclosure 
describes, " etc. 

8. The abstract of the disclosure is objected to because 

Line 1: "MANAGED AUTHENTICATION SERVICE" must be removed, as it is not 
a proper heading for the Abstract of the Disclosure. 

Line 4: The phrase "is described" can be implied and therefore must be 



9. Claims 4, and 38 - 41 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

Claim 4 recites the limitation " for the digital certificate " in line 2. There is 
insufficient antecedent basis for this limitation in the claim. 

Claim 38 Lines 6 and 7, and Claim 40 Line 2 recite the limitation "substantially" 
and are therefore rejected. This is because one of ordinary skill in the art could not 



removed. 



Correction is required. See MPEP § 608.01(b). 



Claim Rejections - 35 USC §112 
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determine how static information needed to be in order to be considered "substantially 
static", or how dynamic information needed to be in order to be considered 
"substantially dynamic", or how often is comprised by "a substantially regular basis" and 
therefore would not be able to determine the scope of these claims. 

Claims 39 and 41 are rejected by virtue of their dependency on claim 38. 

See MPEP§ 608.01 (i). 



Claim Rejections - 35 USC § 102 

10. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a 
foreign country or in public use or on sale in this country, more than one year 
prior to the date of application for patent in the United States. 



(e) the invention was described in (1) an application for patent, published under 
section 122(b), by another filed in the United States before the invention by the 
applicant for patent or (2) a patent granted on an application for patent by 
another filed in the United States before the invention by the applicant for patent, 
except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application 
filed in the United States only if the international application designated the 
United States and was published under Article 21(2) of such treaty in the English 
language. 
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11. Claim 1-5, 13-17, 25-27, and 38-41 are rejected under 35 U.S.C. 102(e) as being 
anticipated by French et al. (U.S. Patent Number 6,321 ,339) hereinafter referred to as 
French. 

12. Claim 1 recites receiving registration information from a user (See French Fig. 1 
Elements 16, 18, and 20), verifying registration information (See French Fig. 1 Elements 
32 and 40), issuing digital credential to user based on result from verification (See 
French Fig. 3 Elements 314 and 318), and communicating the registration information to 
a central authentication service (See French Col. 5 Paragraph 8 - Col. 6 Paragraph 2). 

1 3. Claim 2 recites communicating registration status of the user to the 
authentication service. French disclosed logging a transaction record of data sent to 
and from the authorization database (See French Col. 5 Paragraph 6) 

14. Claim 3 recites uploading client software to the user's computer in order to 
provide real-time authentication (See French Col. 6 Paragraph 7). 

15. Claim 4 recites generating a confirmation level based on the verification of the 
registration information (See French Col. 2 Paragraph 3). 

16. Claim 5 recites that verifying registration information includes verifying a medical 
license number, which the examiner is interpreting to mean any official personal 
identification information. French disclosed verifying a user's driver's license number 
and social security number (See French Fig. 11). 

17. Claim 13 recites initiating a challenge response sequence from a client computer 
when a user uses a digital credential (See French Fig. 1 Element 12). Claim 13 further 
recites receiving a challenge from a remote server (See French Fig. 1 Element 14). 
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Claim 13 finally recites responding to the challenge using the digital credential (See 
French Fig. 1 Elements 16, 18, 20, and 22). 

18. Claim 14 recites accessing a registration authority to receive the digital credential 
(See French Fig. 31). 

19. Claim 15 recites forwarding the digital credential to a central authentication 
service in response to the challenge received from the remote server (See French Col. 
5 Paragraph 8 - Col. 6 Paragraph 2). 

20. Claim 16 recites a browser configured to access a remote server (See French 
Col. 5 paragraph 4), and a plug-in module executed by the browser to cause the server 
to perform a challenge response sequence when a user uses a digital credential. 
French disclosed the use of Java applets in the authentication process to challenge for 
user information (See French Col. 6 Paragraph 7 and Fig. 31) 

21. Claim 17 recites the plug-in being a java applet (See French Col. 6 Paragraph 
7). 

22. Claim 25 recites an authentication server (See French Fig. 12 Element 120) in 
communication with a database (See French Fig. 12 Element 152), in which the 
database stores user input from a registration authority (See French Fig. 12 Element - 
130) and the authentication server verifies the information in the database (See French 
Col. 5 Paragraph 6 and Col. 6 Paragraph 5). 

23. Claim 26 recites the authentication server receiving a digital credential from a 
relying party (See French Col. 11 Paragraph 4). 
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24. Claim 27 recites verifying an identity of a user based on the digital credential, a 
registration status of the user, and authenticating the digital credential based on the 
verifications (See French Fig. 1 Elements 32, 34, and 38). 

25. Claim 38 recites creating a digital credential based on information received from 
a registration authority where the information includes both static and dynamic 
information (See rejection of claim 1 and further French Col. 2. Paragraph 10 - Col. 3 
Paragraph 1 ). 

26. Claim 39 recites the static information including registration information and the 
dynamic information including good standing information. French disclosed the 
information including name and address (registration information) (See French Col. 2. 
Paragraph 10 - Col. 3 Paragraph 1 ) as well as credit report information (good standing 
information) (See French Col. 3 Paragraph 3). 

27. Claim 40 recites updating the dynamic information. It was inherent that credit 
report information was updated regularly, as is required by credit reports. 

28. Claim 41 recites recording biometric data (See French Col. 12 Paragraph 4). 

29. Claims 6-8, 10-11, 18-19, and 28-32 are rejected under 35 U.S.C. 102(b) as 
being anticipated by Menezes et al. ("Handbook of Applied Cryptography") hereinafter 
referred to as Menezes. 

30. Claim 6 recites receiving a digital credential associated with a user registered 
with a registration authority. Menezes disclosed acquiring a public-key certificate 
corresponding to a subject A (See Menezes Page 560 Section ii Lines 5-7) wherein 
subject A was registered with a certificate authority (See Menezes Page 560 Section i). 
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Claim 6 further recites verifying the identity and registration status of the user, 
thereby authenticating the digital credential. Menezes disclosed the acquired certificate 
agreeing with the user identity (See Menezes Page 560 Section ii Line 7). Menezes 
further disclosed verifying the certificate's timestamp, signature, and that the certificate 
had not been revoked (See Menezes Page 560 Section ii/4/a-d). Menezes also 
disclosed that this process is used to authenticate the digital certificate (See Menezes 
Page 560 Section ii/5). 

31 . Claim 7 recites that verifying the registration status includes accessing a local 
copy of registration information maintained by the registration authority. Menezes 
disclosed acquiring the certificate from a central public database and then verifying the 
timestamp validity period in the certificate (See Menezes Page 560 Section ii/3-4). 

32. Claim 8 recites that verifying registration status includes querying the registration 
authority. Menezes disclosed acquiring the public key of the certification authority in 
order to verify the information in the certificate (See Menezes Page 560 Section ii/1 , 4b- 
c). 

33. Claim 10 recites verifying the signature on the digital credential using a public 
key of the registration authority (See Menezes Page 560 Section ii/4/c). 

34. Claim 1 1 recites reporting the result of the verification to the relying party. 
Menezes disclosed party B (the relying party) accepting the public key in the certificate 
as authentic depending on the verifying steps performed on the certificate (See 
Menezes Page 560 Section ii/5). It was inherent that the result of the verification was 
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reported to party B in order for the key to be either authenticated or not depending on 
the result of the verification. 

35. Claim 18 rejected under 35 U.S.C. 102(b) as being anticipated by 
AberdeenGroup (Evaluating the Cost of Ownership for Digital Certificate Projects). 
Claim 18 recites forming a contract with a relying party to centrally authenticate digital 
credentials issued by a registration authority, and charging the relying party. 
AberdeenGroup disclosed VeriSign, a well-known Certificate Authority for authenticating 
digital certificates, charging for its services on a time basis (See AberdeenGroup Fig. 1). 
This constitutes a subscription and therefore a contract is inherently formed. 

36. Claim 19 recites charging on a subscription basis. Aberdeen disclosed that 
VeriSign charged on a timed basis (See AberdeenGroup Fig. 1). This constitutes a 
subscription. 

37. Claims 28-32 are rejected for the same reasons as claims 6-10 above and further 
because it was inherent that computer program instructions were provided for the 
authentication of Menezes to function properly in a computer environment. 



Claim Rejections - 35 USC § 103 

38. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed 
or described as set forth in section 102 of this title, if the differences between the 
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subject matter sought to be patented and the prior art are such that the subject 
matter as a whole would have been obvious at the time the invention was made 
to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was 
made. 

39. Claim 9 rejected under 35 U.S.C. 103(a) as being unpatentable over Menezes as 
applied to claim 6 above, and further in view of Aucsmith et al. (U.S. Patent Number 
5,712,914) hereinafter referred to as Aucsmith. 

Menezes disclosed a method of verifying digital certificates and verifying a 
registration status (See Menezes Page 560 Section ii), but Menezes failed to disclose 
that checking the registration status included checking the validity of a license of the 
user. 

Aucsmith teaches that digital certificates can be used in order to validate a 
driver's license (See Aucsmith Col. 13 Paragraph 2). Aucsmith teaches that the 
certificate is first validated, at which point the driver's license in the certificate is 
validated (See Aucsmith Col. 13 Paragraph 2). 

It would have been obvious to the ordinary person skilled in the art at the time 
invention to employ the teachings of Aucsmith to the digital certificates of Menezes in 
order to provide a method for authenticating a driver's license. This would have been 
obvious because one of ordinary skill in the art would have been motivated to provide a 
secure method of identification to a user. 

40. Claim 12 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Menezes as applied to claim 6 above, and further in view of Wobber et al. (U.S. Patent 
Number 5,235,642) hereinafter referred to as Wobber. 
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Menezes disclosed a method of verifying digital certificates and verifying a 
registration status (See Menezes Page 560 Section ii), but Menezes failed to disclose 
storing the result of the verification in an activity log. 

Wobber teaches that the authentication process can be expedited if the result of 
the authentication is stored in a record along with the authentication credentials (See 
Wobber Col. 2 Paragraph 2). 

It would have been obvious to the ordinary person skilled in the art at the time of 
invention to employ the teachings of Wobber to the authentication method of Menezes. 
This would have been obvious because the ordinary person skilled in the art would have 
been motivated to provide the user with the quickest authentication possible. 
41 . Claim 20 rejected under 35 U.S.C. 103(a) as being unpatentable over 
AberdeenGroup as applied to claim 18 above, and further in view of Magic, Inc. 
("Meteor Security: Some Speculations"), hereinafter referred to as Magic. 

AberdeenGroup disclosed charging a subscription fee for an authentication 
service utilizing digital certificates (See AberdeenGroup Fig. 1), but failed to disclose the 
possibility of charging on a use-by-use basis. 

Magic teaches that if the number of financial and school partners is low, then it 
would be cost-effective to use ACES certificates for communication security (See Magic 
Page 3 Paragraph 3). Magic further teaches that ACES certificates charge a per use 
transaction fee (See Magic Paragraph 2 Line 1). 

It would have been obvious to the ordinary person skilled in the art at the time of 
invention to employ the teachings of Magic to the method of AberdeenGroup in order to 
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charge for the use of digital certificates. This would have been obvious because one of 
ordinary skill in the art would have been motivated to provide a cost-effective way to 
provide the security of digital certificates to a user. 

42. Claim 21 rejected under 35 U.S.C. 103(a) as being unpatentable over 
AberdeenGroup as applied to claim 18 above, and further in view of Menezes. 

AberdeenGroup disclosed a subscription based authentication service utilizing 
digital certificates (See AberdeenGroup Fig. 1), but failed to disclose how to implement 
the digital certificates. 

Menezes teaches a method for implementing digital certificates which includes 
verifying the identity of a user based on a digital credential and verifying a registration 
status of the user with a registration authority (See rejection of Claim 6 above). 

It would have been obvious to the ordinary person skilled in the art at the time of 
invention to employ the teachings of Menezes to the method of AberdeenGroup in order 
to implement the digital certificates. This would have been obvious because the 
ordinary person skilled in the art would have been motivated to provide the security of 
digital certificates to its users. 

43. Claim 22 rejected under 35 U.S.C. 103(a) as being unpatentable over 
AberdeenGroup as applied to claim 18 above, and further in view of Matonis ("User- 
Friendly Digital Signatures"), hereinafter referred to as Matonis. 

AberdeenGroup disclosed a subscription based authentication service utilizing 
digital certificates (See AberdeenGroup Fig. 1), but failed to disclose requiring the 
communications between users to be required in the contract. 
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Matonis teaches that in order to guarantee authentication of a sender, the use of 
digital signatures must be enforced (See Matonis Page 26). 

It would have been obvious to the ordinary person skilled in the art at the time of 
invention to employ the teachings of Matonis to the method of AberdeenGroup in order 
to enforce the use of digital signatures by requiring it in the contract. This would have 
been obvious because the ordinary person skilled in the art would have been motivated 
to guarantee the authentication of a sender to a receiver. 

44. Claims 23 and 24 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over French, and further in view of Herrmann (U.S. Patent Number 5,995,756) 
hereinafter referred to as Herrmann. 

French disclosed a method for authenticating users in order to issue a digital 
certificate involving providing an input form to a user, receiving the completed form and 
forwarding the digital credentials from the completed form to an authentication server 
(See French Fig.1, 31-33, and 45, and Col. 14 Paragraph 4), but French failed to 
disclose that the input form was digitally signed before providing it to the enrollee. 

Herrmann teaches that an electronic application form can be digitally signed 
before providing the user with the form in order to authenticate the form provider (See 
Herrmann Col. 7 Paragraph 4). 

It would have been obvious to the ordinary person skilled in the art at the time of 
invention to employ the teachings of Herrmann in the method of French in order to 
provide a digitally signed form to the user applying for a digital certificate. This would 
have been obvious because the ordinary person skilled in the art would have been 
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motivated to provide the applicant with a guarantee of authenticity of the electronic 
forms. 

45. Claim 33 is rejected for the same reasons as claims 23, 35, and 37 above. 

46. Claim 34 rejected under 35 U.S.C. 103(a) as being unpatentable over French, 
and further in view of Menezes. 

French teaches a method for issuing digital certificates to users (See French 
Abstract), but French fails to disclose how the digital certificates are verified once they 
have been issued. 

Menezes teaches that when a digital certificate is used, a certification authority 
verifies the uses of the certificate (See Menezes Page 560 Section ii). 

It would have been obvious to the ordinary person skilled in the art at the time of 
invention to employ the teachings of Menezes in the method of French in order to 
authenticate the use of a digital certificate. This would have been obvious because the 
ordinary person would have been motivated to provide authentication of the certificates 
it issued, as is inherently necessary in the use of digital certificates. 

Claim 35 recites recording the uses of the digital credential at the authentication 
service (See French Col. 5 Paragraph 6). 

Claim 36 is rejected for the same reasons as claim 6 and 1 1 above as applied to 
claim 35. 

Claim 37 recites a plurality of relying parties (See Menezes Page 559 Section 
13.4.2 Paragraph 1). 
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Conclusion 



47. Claims 1-41 have been rejected. 

48. Any inquiry concerning this communication should be directed to Matthew 
Henning whose telephone number is (703) 305-0713. The examiner can normally be 
reached Monday-Friday from 9am to 4pm, EST. 

If attempts to reach examiner by telephone are unsuccessful, the examiner's 
acting supervisor, Ayaz Sheikh, can be reached at (703) 305-9648. The fax phone 
number for this group is (703) 305-3718. 

Any inquiry of general nature or relating to the status of this application or 
proceeding should be directed to the Group receptionist whose telephone number is 
(703) 305-3900. 




AYAZ SHEIKH 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 




Matthew Henning 
Assistant Examiner 
Art Unit 2131 



